The present invention relates generally to information processing, and in particular to systems and methods for monitoring access and usage of individual computer systems and local area networks (xe2x80x9cLANSxe2x80x9d) connected to larger open networks (wide area networks or xe2x80x9cWANSxe2x80x9d), including the Internet.
The explosive growth of the Internet (xe2x80x9cNetxe2x80x9d), particularly the World Wide Web (xe2x80x9cWebxe2x80x9d), has had a dramatic effect on the way many corporations and other organizations do business. The Internet brings a world of information to the fingertips of employees.
However, some of what the Web introduces into the workplace can be non-productive and damaging to a business. Employees who waste company time or resources on non-work-related activities can become a drain on the company. If Internet bandwidth is used for downloading pornography or making personal travel reservations, it could mean slower access for employees doing work. Fellow employees could be exposed to inappropriate material that could ultimately lead to a sexual harassment lawsuit. Just as it is inappropriate to pass around certain materials at work, it is inappropriate for employees to be viewing certain material on company computers, especially if other employees may be unwittingly exposed to that material.
As a result, corporate IS (Information System) departments face new challenges. Companies are increasingly looking for the best way to manage Internet access, and keep objectionable online material out of the workplace. One hundred twenty-two million employees are expected to access the Internet, and 660,000 companies are expected to implement Internet productivity systems in the year 2000.
One extreme solution is to build a company-wide intranet. However, the company""s knowledge-base may not include the information an employee needs. Also, as the use of E-mail becomes more accepted and the Internet continues to grow, cutting employees off from the Web does not make good business sense.
The software industry has introduced a number of products and technologies that are designed primarily to monitor and track the web sites visited by users. Most, if not all of these products are based on filtering software.
Filtering software is designed to help companies control recreational and personal Internet use. The software monitors employee use of the Net and, depending on how it is configured by the employer, prevents employees from visiting certain types of Web sites that could interfere with productivity, tie up Internet bandwidth or violate company policies.
Some filtering software contains what the company calls its list of sites that are inappropriate for employees. Blocked sites are divided into categories so that companies can enable access to specific content categories according to the time of day. For example, an employer could permit access to entertainment sites during the lunch hour or after hours.
To that end, software can be used to deny employees access to sites in such areas as astrology and mysticism, games, entertainment, travel, news, job searches, investment, hobbies and more. In other words, anything an employee might want to do that""s not directly related to his job.
Access levels can be defined on the basis of time of day or the day of the week. The employer could, for example, give users access to a wider range of web sites after 6 P.M. or on weekends. The employer could also define different levels of Internet access for different individuals or groups in the company.
A human resource department, for example, could have access to job search Web sites that might be off-limits to other employees. The chief executive could have unlimited access and still restrict what others can do.
Filtering software is not without limitations. Much of the software won""t run on systems with a modem connection to the Internet. The filtering software requires a server-based mechanism such as a Microsoft or Netscape proxy server or a Check Point Firewall.
While the server-based mechanisms have the advantage of not requiring software to be installed on the client machine, they are incapable of monitoring the actual time spent by the user on any given web page. In addition, LAN server-based mechanisms have the disadvantage of imposing significant performance penalties, especially if the number of clients connected to it is large. This approach usually requires technical expertise since it is difficult to administer and configure.
Filtering software does a good job of blocking out the offensive sites, but the software may inadvertently restrict information that the employee may need. For example, an employee researching breast cancer, or an HR director putting together a presentation on the topic of sexual harassment in the workplace may not be able to obtain the relevant information. Additionally, filtering software requires constant updating due to new web sites with offensive content going on-line daily.
Also, a moderate amount of employee use of the Internet for personal business isn""t necessarily counterproductive. Just as most employers tolerate a certain amount of personal phone calls at work, it may be perfectly acceptable for an employee to use a company PC to make personal travel arrangements, book a dinner reservation, check a stock portfolio or read the newspaper during personal break time.
Another software industry solution, client-based filters (e.g. Surfwatch and CyberPatrol) which prevent users from accessing undesirable Web sites, does not adequately overcome the limitations of centralized filtering. Designed largely as parental control tools for individualized PCs, these programs are easily disabled by uninstalling (accidently or intentionally) the filter. For example, a Windows user can simply reinstall the Windows OS, replacing certain driver files of the filter. This disables the filter and provides the user with unrestricted access to the Internet.
A solution has not yet been proposed to deal with the problems posed by Internet access in the corporate environment. There is a need for a simple system and methods providing companies the means to monitor the exchanges permissible between a local computer and an external network or WANS, including the Internet.
Perhaps the two aspects of Internet access most important to the productivity of an organization are 1) the ability to monitor the amount of time employees spend on the Internet and 2) the web sites employees visit while on the Internet. Although the Internet is an increasingly important business tool, it also poses a temptation for abuse. Employees may be tempted to pursue their own private interests while on the job. The Internet access monitoring system of the present invention addresses this problem by allowing an organization to monitor employee Internet access on a time-spent-per-page and total time-per-week basis. The actual monitoring can be done in a variety of ways, including monitoring the time and web site history of an employee actively interacting with the Internet, and/or monitoring the complete time and web site history of particular groups of users accessing the Internet.
The present invention addresses the bandwidth concerns by limiting access to the Internet to certain times of the day and monitoring employees. When an employee knows that he is being monitored, he is much less likely to surf inappropriate material on the Internet.
The present invention provides system and methods for client-based monitoring of Internet access, which operate in conjunction with an enforcement supervisor located on a remote web server. In accordance with the present invention, a central filter and centralized enforcement supervisor are not used. Instead, the present invention provides a client side mechanism for tracking Internet usage on a time-spent-per-web-page basis within a browser such as Microsoft Internet Explorer and transmitting this information to a remote web site (over the Internet or any other network) where authorized personnel can access the information over the Internet.
The client-based monitoring module in a preferred embodiment performs all the monitoring and logging work. Each time the user navigates to a new web page, the previous web page title, location (Universal Resource Locator or URL), and time spent are then stored by the client component in memory on the client computer. The web page title and URL are obtained from system notifications from the browser to the client component. The client computer uploads the log containing the web page information to a web-based supervising module.
The present invention provides guidelines that can include criteria such as total time a user can be connected to the Internet (e.g., per day, week, month or the like), and the time a user can interactively use the Internet (e.g., per day, week, month, or the like). These guidelines can be qualified by optionally specifying: to whom should a rule apply (list of users, list of work groups, or all); time of day when the rule should be applied (for example from 9 a.m. to 5 p.m.).
All the logged information is viewable by an administrator in either a summary format (total number of hours spent by each user) or in a detailed format (time per web page with details such as the web page tile, URL, and time) by visiting the web site and entering the Administrator authentication information. This function is the same as that of a history log except that a web-based format does not permit modification by the client machine.